Non-JavaScript Cryptojacking Reaps More Than $144M, Researcher Finds

NEWS ANALYSIS: Cryptojacking attacks are finding success and have now gained the attention of the U.S Federal Trade Commission (FTC).


Unauthorized crypto-currency mining, commonly referred to as cryptojacking, is a problem that doesn't seem to be slowing down and continues to be challenge for enterprises and individuals. It's challenge that hasn't escaped the notice of the U.S Federal Trade Commission (FTC), which is now enabling individuals to file complaints about alleged cryptojacking.

The FTC's new complaint system for cryptojacking attacks comes as attackers are reaping increasing rewards from the attack method. A report released June 11 by security firm Palo Alto Networks, sheds new light on the size and scope of a specific class of cryptojacking attacks, claiming that attackers have generated at least $143 million in illicit earnings.

Many types of crypto-currencies are often created or mined by using computational power on the blockchain, to uncover a cryptocoin. Crypto-currency mining itself can be a legitimate activity when the mining is done by an authorized individual using authorized resources. Cryptojacking is what happens when an attacker gains unauthorized access to compute resources to mine crypto-currency. 

Palo Alto security researcher Josh Grunzweig looked at data collected by his company's network to try and determine how much cryptojacking activity is actually occurring.  Grunzweig did not look at mining that occurs via JavaScript, that is embedded in web browsers with scripts such as Coinhive, but rather looked at other forms of malware that was able to infect individual systems and servers. As multiple other reports over the last year have found, the Monero is the most sought-after crypto-currency in cryptojacking attacks. At the top of the crypto-mining chain are Monero addresses, where the mined coins are held.

"By querying the top eight mining pools for all 2,341 Monero addresses, I was able to determine exactly how much Monero has been mined historically with a high degree of accuracy," Grunzweig wrote.

Grunzweig determined that a total of 798,613.33 Monero (XMR )had been mined, which has an approximate value of $144 million. He added that the total amount of Monero he was able to identify only accounts for roughly five percent of all Monero currently in circulation. Grunzweig also warned that his figures for the amount of Monero mined by cryptojacking is likely on the low side, since he doesn't take into account JavaScript, web-based miners.

Of particular note in Grunzweig's data is the finding that 45 percent of the 2,341 Monero addresses he associated with cryptojacking efforts ended up generating 0.01 XMR (approximately $2.20) or less. Cryptojacking, much like spam, is apparently a high-volume activity, with only limited conversions. Though even with the limited success rate per infected host, cryptojacking is not a trivial problem.


Security researchers aren't the only people looking into the problem of cryptojacking. The FTC confirms it's also its actively investigating the issue.

"Cryptojacking scams have continued to evolve and they don’t even need you to install anything," Jason Adler, Assistant Director, Midwest Region for the FTC wrote in a blog post. "While the scammer cashes out, your device may slow down, burn through battery power or crash.

The FTC offered a number of suggestions for consumers to help limit the risk of becoming a cryptojacking victim. The FTC's advice is good basic hygiene for any IT user and includes using antivirus software, keeping systems updated and not clicking on suspicious links. While some forms of malware don't have obvious clues that an IT user can spot, for cryptojacking to be effective, it needs to consume compute resources which can be an indicator of compromise.

"Look for and close performance hogs: It can be hard to diagnose cryptojacking, but one common symptom is poor device performance," the FTC suggests. "Consider closing sites or apps that slow your device or drain your battery."

The FTC now also wants consumers to report cryptojacking attacks via the commission's page.

In contrast to some other forms of malware-based attacks that can disrupt systems, cryptojacking is something that attackers have been able to directly monetize. As long as the value of Monero remains high and the barriers to cryptojacking infections remain low, it's likely that cryptojacking attacks will continue to be a challenge and there will be no shortage of complaints to the FTC.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.